---
- name: Get nfs-utils
  yum: pkg=nfs-utils state=present

- name: Create /srv/pub directory
  file: path=/srv/pub state=directory

- name: Create /srv/web directory
  file: path=/srv/web state=directory

- name: Get libsemanage-python
  yum: pkg=libsemanage-python state=present

- name: Get policycoreutils-python
  yum: pkg=policycoreutils-python state=present

- name: Get mod_ssl
  yum: pkg=mod_ssl state=present

- name: Set httpd_use_nfs seboolean
  action: seboolean name=httpd_use_nfs state=yes persistent=yes

- name: check the selinux context rsyncd log
  command: matchpathcon /var/log/rsyncd-fedora.log
  register: rsyncdlog
  always_run: yes
  changed_when: "1 != 1"
  tags:
  - config
  - selinux

- name: /var/log/rsyncd-fedora.log file context
  command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
  when: rsyncdlog.stdout.find('rsync_log_t') == -1
  tags:
  - config
  - selinux

- name: /etc/motd_fedora
  copy: src=motd_fedora dest=/etc/motd_fedora

- name: Configure logrotate for /var/log/rsyncd-fedora.log
  copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora

- name: check the selinux context pubdir
  command: matchpathcon /srv/pub
  register: pubdir
  always_run: yes
  changed_when: "1 != 1"
  tags:
  - config
  - selinux

- name: /srv/pub file contexts
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
  when: pubdir.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux

- name: Copy wildcard cert from puppet private
  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644

- name: Copy wildcard key from puppet private
  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600

- name: Copy intermediate wildcard cert from puppet private
  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644

- name: Configure httpd dl main conf
  copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
  notify:
  - reload httpd

- name: Make sure apache autoindex.conf is replaced with ours
  copy: src=httpd/dl.fedoraproject.org/autoindex.conf dest=/etc/httpd/conf.d/autoindex.conf
  notify:
  - reload httpd

- name: Configure httpd dl sub conf
  copy: src=httpd/dl.fedoraproject.org/ dest=/etc/httpd/conf.d/dl.fedoraproject.org/
  notify:
  - reload httpd
